From 949b8cda14ec037386da34c43248ebd60542f5da Mon Sep 17 00:00:00 2001 From: shadlaws Date: Sat, 2 Feb 2013 10:02:37 +0100 Subject: Follow-on to f83ed5f8716663a45c9d8e8118bbcf0e2849c3fb for #1982. - Fix unit test for album url since empty albums now have thumbnails. --- modules/gallery/tests/Item_Model_Test.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 41361b32..35b865c4 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -464,10 +464,9 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { preg_match("|http://./var/albums/name_\w+\.jpg\?m=\d+|", $photo->file_url()), $photo->file_url() . " is malformed"); - // Albums have special thumbnails. Empty album has cachebuster of 0 since it has no thumbnail $album = test::random_album(); $this->assert_true( - preg_match("|http://./var/thumbs/name_\w+/\.album\.jpg\?m=0|", $album->thumb_url()), + preg_match("|http://./var/thumbs/name_\w+/\.album\.jpg\?m=\d+|", $album->thumb_url()), $album->thumb_url() . " is malformed"); $photo = test::random_photo($album); -- cgit v1.2.3 From c4b2f79a677e38a9af87827ad2e753275eb37f6b Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 5 Feb 2013 13:02:26 -0500 Subject: Force a sort order no sibling checks. Fixes #1990. --- modules/search/helpers/search.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index b1bde359..b21e59dd 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -132,11 +132,12 @@ class search_Core { static function get_position_within_album($item, $q, $album) { $page_size = module::get_var("gallery", "page_size", 9); - $query = self::_build_query_base($q, $album, array("{items}.id = " . $item->id)); + $query = self::_build_query_base($q, $album, array("{items}.id = " . $item->id)) . + "ORDER BY `score` DESC "; $db = Database::instance(); // Truncate the score by two decimal places as this resolves the issues - // that arise due to in exact numeric conversions. + // that arise due to inexact numeric conversions. $current = $db->query($query)->current(); if (!$current) { // We can't find this result in our result set - perhaps we've fallen out of context? Clear @@ -149,7 +150,10 @@ class search_Core { $score = substr($score, 0, strlen($score) - 2); } - $data = $db->query(self::_build_query_base($q, $album) . " HAVING `score` >= " . $score); + // Redo the query but only look for results greater than or equal to our current location + // then seek backwards until we find our item. + $data = $db->query(self::_build_query_base($q, $album) . " HAVING `score` >= " . $score . + "ORDER BY `score` DESC "); $data->seek($data->count() - 1); while ($data->get("id") != $item->id && $data->prev()->valid()) { -- cgit v1.2.3 From 1ae1165229813421384341e7ab83a834e08ca6f0 Mon Sep 17 00:00:00 2001 From: shadlaws Date: Wed, 6 Feb 2013 10:24:06 +0100 Subject: Follow-on to 949b8cda14ec037386da34c43248ebd60542f5da for #1982. - Add extra condition to Item_Model_Test::urls_test to test cache busters of missing files. - Previous commit fixes unit test for empty album url, but now no test checks missing files. --- modules/gallery/tests/Item_Model_Test.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'modules') diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 35b865c4..a1c5bce6 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -473,6 +473,12 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_true( preg_match("|http://./var/thumbs/name_\w+/\.album\.jpg\?m=\d+|", $album->thumb_url()), $album->thumb_url() . " is malformed"); + + // If the file does not exist, we should return a cache buster of m=0. + unlink($album->thumb_path()); + $this->assert_true( + preg_match("|http://./var/thumbs/name_\w+/\.album\.jpg\?m=0|", $album->thumb_url()), + $album->thumb_url() . " is malformed"); } public function legal_extension_test() { -- cgit v1.2.3 From faa719551d68308be8a1c41d9cd6104604958593 Mon Sep 17 00:00:00 2001 From: shadlaws Date: Wed, 6 Feb 2013 11:04:24 +0100 Subject: #1991 - Add options to graphics::mark_dirty to specify type and/or mime type. - graphics::mark_dirty - added $type and $mime_type as options. - graphics::mark_dirty - used options to set additional where conditions. --- modules/gallery/helpers/graphics.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 7c8e89d5..4df57fba 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -314,12 +314,19 @@ class graphics_Core { } /** - * Mark thumbnails and resizes as dirty. They will have to be rebuilt. + * Mark thumbnails and resizes as dirty. They will have to be rebuilt. Optionally, only those of + * a specified type and/or mime type can be marked (e.g. $type="movie" to rebuild movies only). */ - static function mark_dirty($thumbs, $resizes) { + static function mark_dirty($thumbs, $resizes, $type=null, $mime_type=null) { if ($thumbs || $resizes) { $db = db::build() ->update("items"); + if ($type) { + $db->where("type", "=", $type); + } + if ($mime_type) { + $db->where("mime_type", "=", $mime_type); + } if ($thumbs) { $db->set("thumb_dirty", 1); } -- cgit v1.2.3 From 2da4d9dd1f99707778b61a320601921243202d2c Mon Sep 17 00:00:00 2001 From: shadlaws Date: Thu, 7 Feb 2013 09:49:28 +0100 Subject: #1992 - Improve examples for thumb/resize/file path/url functions in item model. Documentation-only changes to examples used in: - Item_Model::url - Item_Model::abs_url - Item_Model::file_path - Item_Model::file_url - Item_Model::resize_path - Item_Model::resize_url - Item_Model::thumb_path - Item_Model::thumb_url --- modules/gallery/models/item.php | 64 +++++++++++++++++++++++++++++------------ 1 file changed, 46 insertions(+), 18 deletions(-) (limited to 'modules') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index f80fc53a..197d3057 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -129,10 +129,11 @@ class Item_Model_Core extends ORM_MPTT { /** * Return the server-relative url to this item, eg: - * /gallery3/index.php/BobsWedding?page=2 - * /gallery3/index.php/BobsWedding/Eating-Cake.jpg + * album: /gallery3/index.php/Bobs%20Wedding?page=2 + * photo: /gallery3/index.php/Bobs%20Wedding/Eating-Cake + * movie: /gallery3/index.php/Bobs%20Wedding/First-Dance * - * @param string $query the query string (eg "show=3") + * @param string $query the query string (eg "page=2") */ public function url($query=null) { $url = url::site($this->relative_url()); @@ -144,10 +145,11 @@ class Item_Model_Core extends ORM_MPTT { /** * Return the full url to this item, eg: - * http://example.com/gallery3/index.php/BobsWedding?page=2 - * http://example.com/gallery3/index.php/BobsWedding/Eating-Cake.jpg + * album: http://example.com/gallery3/index.php/Bobs%20Wedding?page=2 + * photo: http://example.com/gallery3/index.php/Bobs%20Wedding/Eating-Cake + * movie: http://example.com/gallery3/index.php/Bobs%20Wedding/First-Dance * - * @param string $query the query string (eg "show=3") + * @param string $query the query string (eg "page=2") */ public function abs_url($query=null) { $url = url::abs_site($this->relative_url()); @@ -158,16 +160,24 @@ class Item_Model_Core extends ORM_MPTT { } /** - * album: /var/albums/album1/album2 - * photo: /var/albums/album1/album2/photo.jpg + * Return the full path to this item's file, eg: + * album: /usr/home/www/gallery3/var/albums/Bobs Wedding + * photo: /usr/home/www/gallery3/var/albums/Bobs Wedding/Eating-Cake.jpg + * movie: /usr/home/www/gallery3/var/albums/Bobs Wedding/First-Dance.mp4 */ public function file_path() { return VARPATH . "albums/" . urldecode($this->relative_path()); } /** - * album: http://example.com/gallery3/var/resizes/album1/ - * photo: http://example.com/gallery3/var/albums/album1/photo.jpg + * Return the relative url to this item's file, with cache buster, eg: + * album: var/albums/Bobs%20Wedding?m=1234567890 + * photo: var/albums/Bobs%20Wedding/Eating-Cake.jpg?m=1234567890 + * movie: var/albums/Bobs%20Wedding/First-Dance.mp4?m=1234567890 + * If $full_uri==true, return the full url to this item's file, with cache buster, eg: + * album: http://example.com/gallery3/var/albums/Bobs%20Wedding?m=1234567890 + * photo: http://example.com/gallery3/var/albums/Bobs%20Wedding/Eating-Cake.jpg?m=1234567890 + * movie: http://example.com/gallery3/var/albums/Bobs%20Wedding/First-Dance.mp4?m=1234567890 */ public function file_url($full_uri=false) { $relative_path = "var/albums/" . $this->relative_path(); @@ -177,8 +187,10 @@ class Item_Model_Core extends ORM_MPTT { } /** - * album: /var/resizes/album1/.thumb.jpg - * photo: /var/albums/album1/photo.thumb.jpg + * Return the full path to this item's thumb, eg: + * album: /usr/home/www/gallery3/var/thumbs/Bobs Wedding/.album.jpg + * photo: /usr/home/www/gallery3/var/thumbs/Bobs Wedding/Eating-Cake.jpg + * movie: /usr/home/www/gallery3/var/thumbs/Bobs Wedding/First-Dance.jpg */ public function thumb_path() { $base = VARPATH . "thumbs/" . urldecode($this->relative_path()); @@ -200,8 +212,14 @@ class Item_Model_Core extends ORM_MPTT { } /** - * album: http://example.com/gallery3/var/resizes/album1/.thumb.jpg - * photo: http://example.com/gallery3/var/albums/album1/photo.thumb.jpg + * Return the relative url to this item's thumb, with cache buster, eg: + * album: var/thumbs/Bobs%20Wedding/.album.jpg?m=1234567890 + * photo: var/thumbs/Bobs%20Wedding/Eating-Cake.jpg?m=1234567890 + * movie: var/thumbs/Bobs%20Wedding/First-Dance.mp4?m=1234567890 + * If $full_uri==true, return the full url to this item's file, with cache buster, eg: + * album: http://example.com/gallery3/var/thumbs/Bobs%20Wedding/.album.jpg?m=1234567890 + * photo: http://example.com/gallery3/var/thumbs/Bobs%20Wedding/Eating-Cake.jpg?m=1234567890 + * movie: http://example.com/gallery3/var/thumbs/Bobs%20Wedding/First-Dance.mp4?m=1234567890 */ public function thumb_url($full_uri=false) { $cache_buster = $this->_cache_buster($this->thumb_path()); @@ -219,8 +237,11 @@ class Item_Model_Core extends ORM_MPTT { } /** - * album: /var/resizes/album1/.resize.jpg - * photo: /var/albums/album1/photo.resize.jpg + * Return the full path to this item's resize, eg: + * album: /usr/home/www/gallery3/var/resizes/Bobs Wedding/.album.jpg (*) + * photo: /usr/home/www/gallery3/var/resizes/Bobs Wedding/Eating-Cake.jpg + * movie: /usr/home/www/gallery3/var/resizes/Bobs Wedding/First-Dance.mp4 (*) + * (*) Since only photos have resizes, album and movie paths are fictitious. */ public function resize_path() { return VARPATH . "resizes/" . urldecode($this->relative_path()) . @@ -228,8 +249,15 @@ class Item_Model_Core extends ORM_MPTT { } /** - * album: http://example.com/gallery3/var/resizes/album1/.resize.jpg - * photo: http://example.com/gallery3/var/albums/album1/photo.resize.jpg + * Return the relative url to this item's resize, with cache buster, eg: + * album: var/resizes/Bobs%20Wedding/.album.jpg?m=1234567890 (*) + * photo: var/resizes/Bobs%20Wedding/Eating-Cake.jpg?m=1234567890 + * movie: var/resizes/Bobs%20Wedding/First-Dance.mp4?m=1234567890 (*) + * If $full_uri==true, return the full url to this item's file, with cache buster, eg: + * album: http://example.com/gallery3/var/resizes/Bobs%20Wedding/.album.jpg?m=1234567890 (*) + * photo: http://example.com/gallery3/var/resizes/Bobs%20Wedding/Eating-Cake.jpg?m=1234567890 + * movie: http://example.com/gallery3/var/resizes/Bobs%20Wedding/First-Dance.mp4?m=1234567890 (*) + * (*) Since only photos have resizes, album and movie urls are fictitious. */ public function resize_url($full_uri=false) { $relative_path = "var/resizes/" . $this->relative_path(); -- cgit v1.2.3 From 27ec3b4c6c9e5bd9fa61fd613b9b68af37eab1e4 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 7 Feb 2013 15:08:55 -0500 Subject: Follow-on to 1e4d75c12072b49c3469f18af13bcf3439afc6b0 for #1975. Don't try to use an array index on a function return, that's not supported in PHP 5.3 --- modules/search/controllers/search.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/search/controllers/search.php b/modules/search/controllers/search.php index 673a281f..b54d7699 100644 --- a/modules/search/controllers/search.php +++ b/modules/search/controllers/search.php @@ -111,6 +111,7 @@ class Search_Controller extends Controller { } static function get_siblings($q, $album) { - return search::search_within_album(search::add_query_terms($q), $album, 1000, 1)[1]; + $result = search::search_within_album(search::add_query_terms($q), $album, 1000, 1); + return $result[1]; } } -- cgit v1.2.3 From 2dc97fab053996dcb5fe743329e1b786ca43712d Mon Sep 17 00:00:00 2001 From: shadlaws Date: Fri, 8 Feb 2013 09:03:57 +0100 Subject: #1993 - Remove "failed" query string from upgrader redirect if there are no errors. - Changed redirect if it finished without failures. - No change to Upgrader_Controller::index(), since its behavior with an empty vs. undefined failed query is identical. --- modules/gallery/controllers/upgrader.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index e60385d9..d3c6e2ec 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -107,7 +107,11 @@ class Upgrader_Controller extends Controller { print "Upgrade complete\n"; } } else { - url::redirect("upgrader?failed=" . join(",", $failed)); + if ($failed) { + url::redirect("upgrader?failed=" . join(",", $failed)); + } else { + url::redirect("upgrader"); + } } } } -- cgit v1.2.3 From 0312d1b071bd4434ddb3f82888b0323da6bf3732 Mon Sep 17 00:00:00 2001 From: shadlaws Date: Fri, 8 Feb 2013 13:51:41 +0100 Subject: #1994 - Make get_file_metadata throw an exception if photo or movie is unidentifiable/illegal. - photo & movie helpers: modified to throw exceptions when file is known to be unidentifiable/illegal. - item model: revised to work with exceptions and be more explicit when the data file is invalid. - item model: removed duplicate get_file_metadata call for updated items. - admin_watermarks controller: revised to work with exceptions (really cleans up logic here). - graphics helper: revised to handle invalid placeholders (a nearly-impossible corner case, but still...). - photo & movie helper tests: revised to work with exceptions, added new tests for illegal files with valid extensions. - item model tests: revised to work with exceptions, added new tests for illegal files with valid extensions. --- modules/gallery/helpers/gallery_graphics.php | 5 ++ modules/gallery/helpers/graphics.php | 11 +++- modules/gallery/helpers/movie.php | 10 ++- modules/gallery/helpers/photo.php | 9 ++- modules/gallery/models/item.php | 71 +++++++++++++--------- modules/gallery/tests/Item_Model_Test.php | 16 ++++- modules/gallery/tests/Movie_Helper_Test.php | 36 +++++++++-- modules/gallery/tests/Photo_Helper_Test.php | 18 +++++- modules/watermark/controllers/admin_watermarks.php | 13 ++-- 9 files changed, 139 insertions(+), 50 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_graphics.php b/modules/gallery/helpers/gallery_graphics.php index b78bd9a7..eb76353f 100644 --- a/modules/gallery/helpers/gallery_graphics.php +++ b/modules/gallery/helpers/gallery_graphics.php @@ -172,6 +172,11 @@ class gallery_graphics_Core { module::event("graphics_composite_completed", $input_file, $output_file, $options, $item); } catch (ErrorException $e) { + // Unlike rotate and resize, composite catches its exceptions here. This is because + // composite is typically called for watermarks. If during thumb/resize generation + // the watermark fails, we'd still like the image resized, just without its watermark. + // If the exception isn't caught here, graphics::generate will replace it with a + // placeholder. Kohana_Log::add("error", $e->getMessage()); } } diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 4df57fba..e34af018 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -224,7 +224,16 @@ class graphics_Core { graphics::_replace_image_with_placeholder($item, "resize"); } graphics::_replace_image_with_placeholder($item, "thumb"); - graphics::_update_item_dimensions($item); + try { + graphics::_update_item_dimensions($item); + } catch (Exception $e) { + // Looks like get_file_metadata couldn't identify our placeholders. We should never get + // here, but in the odd case we do, we need to do something. Let's put in hardcoded values. + if ($item->is_photo()) { + list ($item->resize_width, $item->resize_height) = array(200, 200); + } + list ($item->thumb_width, $item->thumb_height) = array(200, 200); + } $item->save(); throw $e; } diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index 6844771b..d4b907a2 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -192,8 +192,16 @@ class movie_Core { $metadata->extension = strtolower($extension); } - // Run movie_get_file_metadata events which can modify the class, then return results. + // Run movie_get_file_metadata events which can modify the class. module::event("movie_get_file_metadata", $file_path, $metadata); + + // If the post-events results are invalid, throw an exception. Note that, unlike photos, having + // zero width and height isn't considered invalid (as is the case when FFmpeg isn't installed). + if (!$metadata->mime_type || !$metadata->extension || + ($metadata->mime_type != legal_file::get_movie_types_by_extension($metadata->extension))) { + throw new Exception("@todo ILLEGAL_OR_UNINDENTIFIABLE_FILE"); + } + return array($metadata->width, $metadata->height, $metadata->mime_type, $metadata->extension, $metadata->duration); } diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php index 51e51507..2d32f0d3 100644 --- a/modules/gallery/helpers/photo.php +++ b/modules/gallery/helpers/photo.php @@ -133,8 +133,15 @@ class photo_Core { $metadata->height = 0; } - // Run photo_get_file_metadata events which can modify the class, then return results. + // Run photo_get_file_metadata events which can modify the class. module::event("photo_get_file_metadata", $file_path, $metadata); + + // If the post-events results are invalid, throw an exception. + if (!$metadata->width || !$metadata->height || !$metadata->mime_type || !$metadata->extension || + ($metadata->mime_type != legal_file::get_photo_types_by_extension($metadata->extension))) { + throw new Exception("@todo ILLEGAL_OR_UNINDENTIFIABLE_FILE"); + } + return array($metadata->width, $metadata->height, $metadata->mime_type, $metadata->extension); } } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 197d3057..33b8a89d 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -21,6 +21,7 @@ class Item_Model_Core extends ORM_MPTT { protected $children = "items"; protected $sorting = array(); public $data_file = null; + private $data_file_error = null; public function __construct($id=null) { parent::__construct($id); @@ -378,18 +379,26 @@ class Item_Model_Core extends ORM_MPTT { // Get the width, height and mime type from our data file for photos and movies. if ($this->is_photo() || $this->is_movie()) { - if ($this->is_photo()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - photo::get_file_metadata($this->data_file); - } else if ($this->is_movie()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - movie::get_file_metadata($this->data_file); - } - - // Force an extension onto the name if necessary - $pi = pathinfo($this->data_file); - if (empty($pi["extension"])) { - $this->name = "{$this->name}.$extension"; + try { + if ($this->is_photo()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + photo::get_file_metadata($this->data_file); + } else if ($this->is_movie()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + movie::get_file_metadata($this->data_file); + } + + // Force an extension onto the name if necessary + $pi = pathinfo($this->data_file); + if (empty($pi["extension"])) { + $this->name = "{$this->name}.$extension"; + } + + // Data file valid - make sure the flag is reset to false. + $this->data_file_error = false; + } catch (Exception $e) { + // Data file invalid - set the flag so it's reported during item validation. + $this->data_file_error = true; } } @@ -436,17 +445,24 @@ class Item_Model_Core extends ORM_MPTT { // appropriate for its data. We don't try to preserve the name of the data file, though, // because the name is typically a temporary randomly-generated name. if (isset($this->data_file)) { - $extension = pathinfo($this->data_file, PATHINFO_EXTENSION); - $new_name = pathinfo($this->name, PATHINFO_FILENAME) . ".$extension"; - if (!empty($extension) && strcmp($this->name, $new_name)) { - $this->name = $new_name; - } - if ($this->is_photo()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - photo::get_file_metadata($this->data_file); - } else if ($this->is_movie()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - movie::get_file_metadata($this->data_file); + try { + $extension = pathinfo($this->data_file, PATHINFO_EXTENSION); + $new_name = pathinfo($this->name, PATHINFO_FILENAME) . ".$extension"; + if (!empty($extension) && strcmp($this->name, $new_name)) { + $this->name = $new_name; + } + if ($this->is_photo()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + photo::get_file_metadata($this->data_file); + } else if ($this->is_movie()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + movie::get_file_metadata($this->data_file); + } + // Data file valid - make sure the flag is reset to false. + $this->data_file_error = false; + } catch (Exception $e) { + // Data file invalid - set the flag so it's reported during item validation. + $this->data_file_error = true; } } @@ -524,13 +540,6 @@ class Item_Model_Core extends ORM_MPTT { // Replace the data file, if requested. if ($this->data_file && ($this->is_photo() || $this->is_movie())) { copy($this->data_file, $this->file_path()); - - // Get the width, height and mime type from our data file for photos and movies. - if ($this->is_photo()) { - list ($this->width, $this->height) = photo::get_file_metadata($this->file_path()); - } else if ($this->is_movie()) { - list ($this->width, $this->height) = movie::get_file_metadata($this->file_path()); - } $this->thumb_dirty = 1; $this->resize_dirty = 1; } @@ -966,6 +975,8 @@ class Item_Model_Core extends ORM_MPTT { $v->add_error("name", "bad_data_file_path"); } else if (filesize($this->data_file) == 0) { $v->add_error("name", "empty_data_file"); + } else if ($this->data_file_error) { + $v->add_error("name", "invalid_data_file"); } } diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index a1c5bce6..a93498dd 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -445,13 +445,25 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo->set_data_file(MODPATH . "gallery/tests/Item_Model_Test.php"); $photo->save(); } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("mime_type" => "invalid", "name" => "illegal_data_file_extension"), - $e->validation->errors()); + $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); return; // pass } $this->assert_true(false, "Shouldn't get here"); } + public function unsafe_data_file_replacement_with_valid_extension_test() { + $temp_file = TMPPATH . "masquerading_php.jpg"; + copy(MODPATH . "gallery/tests/Item_Model_Test.php", $temp_file); + try { + $photo = test::random_photo(); + $photo->set_data_file($temp_file); + $photo->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_same(array("name" => "invalid_data_file"), $e->validation->errors()); + return; // pass + } + } + public function urls_test() { $photo = test::random_photo(); $this->assert_true( diff --git a/modules/gallery/tests/Movie_Helper_Test.php b/modules/gallery/tests/Movie_Helper_Test.php index 0c262620..03fa2da9 100644 --- a/modules/gallery/tests/Movie_Helper_Test.php +++ b/modules/gallery/tests/Movie_Helper_Test.php @@ -64,18 +64,42 @@ class Movie_Helper_Test extends Gallery_Unit_Test_Case { public function get_file_metadata_with_no_extension_test() { copy(MODPATH . "gallery/tests/test.flv", TMPPATH . "test_flv_with_no_extension"); - $this->assert_equal(array(360, 288, null, null, 6.00), - movie::get_file_metadata(TMPPATH . "test_flv_with_no_extension")); + // Since mime type and extension are based solely on the filename, this is considered invalid. + try { + $metadata = movie::get_file_metadata(TMPPATH . "test_flv_with_no_extension"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } } public function get_file_metadata_with_illegal_extension_test() { - $this->assert_equal(array(0, 0, null, null, 0), - movie::get_file_metadata(MODPATH . "gallery/tests/Movie_Helper_Test.php")); + try { + $metadata = movie::get_file_metadata(MODPATH . "gallery/tests/Movie_Helper_Test.php"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } } public function get_file_metadata_with_illegal_extension_but_valid_file_contents_test() { copy(MODPATH . "gallery/tests/test.flv", TMPPATH . "test_flv_with_php_extension.php"); - $this->assert_equal(array(360, 288, null, null, 6.00), - movie::get_file_metadata(TMPPATH . "test_flv_with_php_extension.php")); + // Since mime type and extension are based solely on the filename, this is considered invalid. + try { + $metadata = movie::get_file_metadata(TMPPATH . "test_flv_with_php_extension.php"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + + public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() { + copy(MODPATH . "gallery/tests/Photo_Helper_Test.php", TMPPATH . "test_php_with_flv_extension.flv"); + // Since mime type and extension are based solely on the filename, this is considered valid. + // Of course, FFmpeg cannot extract width, height, or duration from the file. Note that this + // isn't a really a security problem, since the filename doesn't have a php extension and + // therefore will never be executed. + $this->assert_equal(array(0, 0, "video/x-flv", "flv", 0), + movie::get_file_metadata(TMPPATH . "test_php_with_flv_extension.flv")); } } diff --git a/modules/gallery/tests/Photo_Helper_Test.php b/modules/gallery/tests/Photo_Helper_Test.php index 5207a6db..79b5ccfd 100644 --- a/modules/gallery/tests/Photo_Helper_Test.php +++ b/modules/gallery/tests/Photo_Helper_Test.php @@ -40,8 +40,12 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case { } public function get_file_metadata_with_illegal_extension_test() { - $this->assert_equal(array(0, 0, null, null), - photo::get_file_metadata(MODPATH . "gallery/tests/Photo_Helper_Test.php")); + try { + $metadata = photo::get_file_metadata(MODPATH . "gallery/tests/Photo_Helper_Test.php"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } } public function get_file_metadata_with_illegal_extension_but_valid_file_contents_test() { @@ -53,4 +57,14 @@ class Photo_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal(array(1024, 768, "image/jpeg", "jpg"), photo::get_file_metadata(TMPPATH . "test_jpg_with_php_extension.php")); } + + public function get_file_metadata_with_valid_extension_but_illegal_file_contents_test() { + copy(MODPATH . "gallery/tests/Photo_Helper_Test.php", TMPPATH . "test_php_with_jpg_extension.jpg"); + try { + $metadata = photo::get_file_metadata(TMPPATH . "test_php_with_jpg_extension.jpg"); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } } diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index 27c2efc9..59bb7fa9 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php @@ -102,18 +102,17 @@ class Admin_Watermarks_Controller extends Admin_Controller { $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', $pathinfo["basename"]); $name = legal_file::smash_extensions($name); - list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file); - if (!$width || !$height || !$mime_type || !$extension || - !legal_file::get_photo_extensions($extension)) { - message::error(t("Invalid or unidentifiable image file")); - @unlink($file); - return; - } else { + try { + list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file); // Force correct, legal extension type on file, which will be of our canonical type // (i.e. all lowercase, jpg instead of jpeg, etc.). This renaming prevents the issues // addressed in ticket #1855, where an image that looked valid (header said jpg) with a // php extension was previously accepted without changing its extension. $name = legal_file::change_extension($name, $extension); + } catch (Exception $e) { + message::error(t("Invalid or unidentifiable image file")); + @unlink($file); + return; } rename($file, VARPATH . "modules/watermark/$name"); -- cgit v1.2.3 From 942233dd26a02f86936963e5e7adfea6ae746bba Mon Sep 17 00:00:00 2001 From: shadlaws Date: Fri, 8 Feb 2013 15:21:57 +0100 Subject: #1996 - Add blacklist to legal_file helper. Adding a blacklist to legal_file could prevent possible security holes arising from a contributed module that adds file types by user input (e.g. an admin screen). --- modules/gallery/helpers/legal_file.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php index ab9047c8..9ed564a1 100644 --- a/modules/gallery/helpers/legal_file.php +++ b/modules/gallery/helpers/legal_file.php @@ -24,6 +24,8 @@ class legal_file_Core { private static $movie_extensions; private static $photo_types; private static $movie_types; + private static $blacklist = array("php", "php3", "php4", "php5", "phtml", "phtm", "shtml", "shtm", + "pl", "cgi", "asp", "sh", "py", "c", "js"); /** * Create a default list of allowed photo MIME types paired with their extensions and then let @@ -38,6 +40,9 @@ class legal_file_Core { $types_by_extension_wrapper->types_by_extension = array( "jpg" => "image/jpeg", "jpeg" => "image/jpeg", "gif" => "image/gif", "png" => "image/png"); module::event("photo_types_by_extension", $types_by_extension_wrapper); + foreach (self::$blacklist as $key) { + unset($types_by_extension_wrapper->types_by_extension[$key]); + } self::$photo_types_by_extension = $types_by_extension_wrapper->types_by_extension; } if ($extension) { @@ -67,6 +72,9 @@ class legal_file_Core { $types_by_extension_wrapper->types_by_extension = array( "flv" => "video/x-flv", "mp4" => "video/mp4", "m4v" => "video/x-m4v"); module::event("movie_types_by_extension", $types_by_extension_wrapper); + foreach (self::$blacklist as $key) { + unset($types_by_extension_wrapper->types_by_extension[$key]); + } self::$movie_types_by_extension = $types_by_extension_wrapper->types_by_extension; } if ($extension) { @@ -118,7 +126,7 @@ class legal_file_Core { $extensions_wrapper = new stdClass(); $extensions_wrapper->extensions = array_keys(legal_file::get_photo_types_by_extension()); module::event("legal_photo_extensions", $extensions_wrapper); - self::$photo_extensions = $extensions_wrapper->extensions; + self::$photo_extensions = array_diff($extensions_wrapper->extensions, self::$blacklist); } if ($extension) { // return true if in array, false if not @@ -139,7 +147,7 @@ class legal_file_Core { $extensions_wrapper = new stdClass(); $extensions_wrapper->extensions = array_keys(legal_file::get_movie_types_by_extension()); module::event("legal_movie_extensions", $extensions_wrapper); - self::$movie_extensions = $extensions_wrapper->extensions; + self::$movie_extensions = array_diff($extensions_wrapper->extensions, self::$blacklist); } if ($extension) { // return true if in array, false if not -- cgit v1.2.3 From 8dcdb3b8e14c58a65fb98a906dc8916d481c2af4 Mon Sep 17 00:00:00 2001 From: shadlaws Date: Sat, 9 Feb 2013 18:12:08 +0100 Subject: #1997 - Update movie dimensions and mime type if previously set without FFmpeg. - Added code to check/correct movie width, height, and mime in graphics::generate. As the comment says in the commit, this isn't ideal, but doing it in an upgrade script wouldn't be very ideal either. --- modules/gallery/helpers/graphics.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'modules') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 4df57fba..e8df56ed 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -149,6 +149,19 @@ class graphics_Core { if (@filesize($output_file) == 0) { try { movie::extract_frame($working_file, $output_file, $movie_options_wrapper->movie_options); + // If we're here, we know ffmpeg is installed and the movie is valid. Because the + // user may not always have had ffmpeg installed, the movie's width, height, and + // mime type may need updating. Let's use this opportunity to make sure they're + // correct. It's not optimal to do it at this low level, but it's not trivial to find + // these cases quickly in an upgrade script. + list ($width, $height, $mime_type) = movie::get_file_metadata($working_file); + // Only set them if they need updating to avoid marking them as "changed" + if (($item->width != $width) || ($item->height != $height) || + ($item->mime_type != $mime_type)) { + $item->width = $width; + $item->height = $height; + $item->mime_type = $mime_type; + } } catch (Exception $e) { // Didn't work, likely because of MISSING_FFMPEG - use placeholder graphics::_replace_image_with_placeholder($item, $target); -- cgit v1.2.3 From 1d7f5e3ab117a6cce8f2a1d3de5e311b74dbee81 Mon Sep 17 00:00:00 2001 From: shadlaws Date: Sat, 9 Feb 2013 20:48:02 +0100 Subject: #1935 - Make FFmpeg easier to install. - system::find_binary - add Gallery's bin subdirectory to search - system::find_binary - auto-fix permissions if found in Gallery's bin directory --- modules/gallery/helpers/system.php | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/system.php b/modules/gallery/helpers/system.php index fa834824..e1398103 100644 --- a/modules/gallery/helpers/system.php +++ b/modules/gallery/helpers/system.php @@ -20,22 +20,42 @@ class system_Core { /** * Return the path to an executable version of the named binary, or null. - * Traverse the PATH environment variable looking for the given file. If - * the $priority_path variable is set, check that path first. + * The paths are traversed in the following order: + * 1. $priority_path (if specified) + * 2. Gallery's own bin directory (DOCROOT . "bin") + * 3. PATH environment variable + * 4. extra_binary_paths Gallery variable (if specified) + * In addition, if the file is found inside Gallery's bin directory but + * it's not executable, we try to change its permissions to 0755. + * + * @param string $binary + * @param string $priority_path (optional) + * @return string path to binary if found; null if not found */ static function find_binary($binary, $priority_path=null) { - $paths = array_merge( - explode(":", getenv("PATH")), - explode(":", module::get_var("gallery", "extra_binary_paths"))); + $bin_path = DOCROOT . "bin"; + if ($priority_path) { - array_unshift($paths, $priority_path); + $paths = array($priority_path, $bin_path); + } else { + $paths = array($bin_path); } + $paths = array_merge($paths, + explode(":", getenv("PATH")), + explode(":", module::get_var("gallery", "extra_binary_paths"))); foreach ($paths as $path) { $candidate = "$path/$binary"; // @suppress errors below to avoid open_basedir issues - if (@file_exists($candidate) && @is_executable($candidate)) { - return $candidate; + if (@file_exists($candidate)) { + if (!@is_executable($candidate) && + (substr_compare($bin_path, $candidate, 0, strlen($bin_path)) == 0)) { + // Binary isn't executable but is in Gallery's bin directory - try fixing permissions. + @chmod($candidate, 0755); + } + if (@is_executable($candidate)) { + return $candidate; + } } } return null; -- cgit v1.2.3 From 9dbe2e15ad9db3b2be53e46bc5f67d382fb4089d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 9 Feb 2013 14:53:34 -0500 Subject: Extend siblings callbacks to take a $limit and an $offset for navigating large sibling sets. Useful for the thumbnav module since we don't want to iterate a thousand siblings to find the one we care about. Fixes #1999. --- modules/gallery/controllers/albums.php | 4 ++-- modules/gallery/libraries/Theme_View.php | 6 ++++-- modules/search/controllers/search.php | 4 ++-- 3 files changed, 8 insertions(+), 6 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index d545b415..0fb033a8 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -98,9 +98,9 @@ class Albums_Controller extends Items_Controller { "breadcrumbs" => Breadcrumb::array_from_item_parents($item)); } - static function get_siblings($item) { + static function get_siblings($item, $limit=null, $offset=null) { // @todo consider creating Item_Model::siblings() if we use this more broadly. - return $item->parent()->viewable()->children(); + return $item->parent()->viewable()->children($limit, $offset); } public function create($parent_id) { diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php index cf384109..986fc8a2 100644 --- a/modules/gallery/libraries/Theme_View.php +++ b/modules/gallery/libraries/Theme_View.php @@ -86,8 +86,10 @@ class Theme_View_Core extends Gallery_View { return $this->item; } - public function siblings() { - return call_user_func_array($this->siblings_callback[0], $this->siblings_callback[1]); + public function siblings($limit=null, $offset=null) { + return call_user_func_array( + $this->siblings_callback[0], + array_merge($this->siblings_callback[1], array($offset, $limit))); } public function tag() { diff --git a/modules/search/controllers/search.php b/modules/search/controllers/search.php index b54d7699..25ccd81c 100644 --- a/modules/search/controllers/search.php +++ b/modules/search/controllers/search.php @@ -110,8 +110,8 @@ class Search_Controller extends Controller { Breadcrumb::instance($item->title, $item->url())->set_last())); } - static function get_siblings($q, $album) { - $result = search::search_within_album(search::add_query_terms($q), $album, 1000, 1); + static function get_siblings($q, $album, $limit=1000, $offset=1) { + $result = search::search_within_album(search::add_query_terms($q), $album, $limit, $offset); return $result[1]; } } -- cgit v1.2.3 From bfdf5a00fd8a256c4b564887f4eb649cf9d34774 Mon Sep 17 00:00:00 2001 From: shadlaws Date: Sun, 10 Feb 2013 02:28:47 +0100 Subject: #2000 - Make legal_file::smash_extensions more robust. - Fixed legal_file::smash_extensions. - Added new unit test. - Removed duplicated condition in existing unit test. --- modules/gallery/helpers/legal_file.php | 6 +++++- modules/gallery/tests/Legal_File_Helper_Test.php | 10 +++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php index 9ed564a1..ef588ceb 100644 --- a/modules/gallery/helpers/legal_file.php +++ b/modules/gallery/helpers/legal_file.php @@ -235,6 +235,10 @@ class legal_file_Core { * Reduce the given file to having a single extension. */ static function smash_extensions($filename) { + if (!$filename) { + // It's harmless, so return it before it causes issues with pathinfo. + return $filename; + } $parts = pathinfo($filename); $result = ""; if ($parts["dirname"] != ".") { @@ -243,7 +247,7 @@ class legal_file_Core { $parts["filename"] = str_replace(".", "_", $parts["filename"]); $parts["filename"] = preg_replace("/[_]+/", "_", $parts["filename"]); $parts["filename"] = trim($parts["filename"], "_"); - $result .= "{$parts['filename']}.{$parts['extension']}"; + $result .= isset($parts["extension"]) ? "{$parts['filename']}.{$parts['extension']}" : $parts["filename"]; return $result; } } diff --git a/modules/gallery/tests/Legal_File_Helper_Test.php b/modules/gallery/tests/Legal_File_Helper_Test.php index 84a29a52..203d5616 100644 --- a/modules/gallery/tests/Legal_File_Helper_Test.php +++ b/modules/gallery/tests/Legal_File_Helper_Test.php @@ -136,10 +136,18 @@ class Legal_File_Helper_Test extends Gallery_Unit_Test_Case { public function smash_extensions_test() { $this->assert_equal("foo_bar.jpg", legal_file::smash_extensions("foo.bar.jpg")); $this->assert_equal("foo_bar_baz.jpg", legal_file::smash_extensions("foo.bar.baz.jpg")); - $this->assert_equal("foo_bar_baz.jpg", legal_file::smash_extensions("foo.bar.baz.jpg")); $this->assert_equal("foo_bar_baz.jpg", legal_file::smash_extensions("...foo...bar..baz...jpg")); $this->assert_equal("/path/to/foo_bar.jpg", legal_file::smash_extensions("/path/to/foo.bar.jpg")); $this->assert_equal("/path/to.to/foo_bar.jpg", legal_file::smash_extensions("/path/to.to/foo.bar.jpg")); $this->assert_equal("foo_bar-12345678.jpg", legal_file::smash_extensions("foo.bar-12345678.jpg")); } + + public function smash_extensions_pass_thru_names_without_extensions_test() { + $this->assert_equal("foo", legal_file::smash_extensions("foo")); + $this->assert_equal("foo.", legal_file::smash_extensions("foo.")); + $this->assert_equal(".foo", legal_file::smash_extensions(".foo")); + $this->assert_equal(".", legal_file::smash_extensions(".")); + $this->assert_equal("", legal_file::smash_extensions("")); + $this->assert_equal(null, legal_file::smash_extensions(null)); + } } \ No newline at end of file -- cgit v1.2.3 From 27be4ae6064b8609a641f4bf239999d5a8ec2c60 Mon Sep 17 00:00:00 2001 From: shadlaws Date: Sun, 10 Feb 2013 10:10:44 +0100 Subject: Follow-on to 0312d1b071bd4434ddb3f82888b0323da6bf3732 for #1994. - Updated function comments to match revisions. - No functional changes. --- modules/gallery/helpers/movie.php | 4 +--- modules/gallery/helpers/photo.php | 6 ++---- 2 files changed, 3 insertions(+), 7 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index d4b907a2..637d8ac0 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -138,9 +138,7 @@ class movie_Core { * -> return metadata from ffmpeg * Input is *not* standard movie type that is *not* supported by ffmpeg but is legal * -> return zero width, height, and duration; mime type and extension according to legal_file - * Input is *not* standard movie type that is *not* supported by ffmpeg and is *not* legal - * -> return zero width, height, and duration; null mime type and extension - * Input is not readable or does not exist + * Input is illegal, unidentifiable, unreadable, or does not exist * -> throw exception * Note: movie_get_file_metadata events can change any of the above cases (except the last one). */ diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php index 2d32f0d3..004cc7c4 100644 --- a/modules/gallery/helpers/photo.php +++ b/modules/gallery/helpers/photo.php @@ -94,10 +94,8 @@ class photo_Core { * Input is *not* standard photo type that is supported by getimagesize (e.g. tif, bmp...) * -> return metadata from getimagesize() * Input is *not* standard photo type that is *not* supported by getimagesize but is legal - * -> return zero width and height, mime type and extension according to legal_file - * Input is *not* standard photo type that is *not* supported by getimagesize and is *not* legal - * -> return zero width and height, null mime type and extension - * Input is not readable or does not exist + * -> return metadata if found by photo_get_file_metadata events + * Input is illegal, unidentifiable, unreadable, or does not exist * -> throw exception * Note: photo_get_file_metadata events can change any of the above cases (except the last one). */ -- cgit v1.2.3 From 0a2670a19ab121fe6970f2fcdf1864cb452a76c1 Mon Sep 17 00:00:00 2001 From: shadlaws Date: Tue, 12 Feb 2013 00:30:30 +0100 Subject: #1988 - Add movie_allow_uploads option ("always", "never", or "autodetect"). - gallery_installer, module.info, install.sql - add movie_allow_uploads variable - movie::allow_uploads (new) - return true if movie_allow_uploads is "always" or "autodetect" and FFmpeg found, false otherwise - legal_file - use movie::allow_uploads instead of movie::find_ffmpeg - Form_Uploadify - use movie::allow_uploads instead of movie::find_ffmpeg --- installer/install.sql | 5 +++-- modules/gallery/helpers/gallery_installer.php | 8 ++++++++ modules/gallery/helpers/legal_file.php | 4 ++-- modules/gallery/helpers/movie.php | 25 +++++++++++++++++++++++++ modules/gallery/libraries/Form_Uploadify.php | 2 +- modules/gallery/module.info | 2 +- 6 files changed, 40 insertions(+), 6 deletions(-) (limited to 'modules') diff --git a/installer/install.sql b/installer/install.sql index 4097d51e..b89d6b9b 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -245,7 +245,7 @@ CREATE TABLE {modules} ( KEY `weight` (`weight`) ) AUTO_INCREMENT=10 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; -INSERT INTO {modules} VALUES (1,1,'gallery',55,1); +INSERT INTO {modules} VALUES (1,1,'gallery',56,1); INSERT INTO {modules} VALUES (2,1,'user',4,2); INSERT INTO {modules} VALUES (3,1,'comment',7,3); INSERT INTO {modules} VALUES (4,1,'organize',4,4); @@ -383,7 +383,7 @@ CREATE TABLE {vars} ( `value` text, PRIMARY KEY (`id`), UNIQUE KEY `module_name` (`module_name`,`name`) -) AUTO_INCREMENT=46 DEFAULT CHARSET=utf8; +) AUTO_INCREMENT=47 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; INSERT INTO {vars} VALUES (NULL,'gallery','active_site_theme','wind'); INSERT INTO {vars} VALUES (NULL,'gallery','active_admin_theme','admin_wind'); @@ -417,6 +417,7 @@ INSERT INTO {vars} VALUES (NULL,'gallery','extra_binary_paths','/usr/local/bin:/ INSERT INTO {vars} VALUES (NULL,'gallery','timezone',NULL); INSERT INTO {vars} VALUES (NULL,'gallery','lock_timeout','1'); INSERT INTO {vars} VALUES (NULL,'gallery','movie_extract_frame_time','3'); +INSERT INTO {vars} VALUES (NULL,'gallery','movie_allow_uploads','autodetect'); INSERT INTO {vars} VALUES (NULL,'gallery','blocks_site_sidebar','a:4:{i:10;a:2:{i:0;s:7:\"gallery\";i:1;s:8:\"language\";}i:11;a:2:{i:0;s:4:\"info\";i:1;s:8:\"metadata\";}i:12;a:2:{i:0;s:3:\"rss\";i:1;s:9:\"rss_feeds\";}i:13;a:2:{i:0;s:3:\"tag\";i:1;s:3:\"tag\";}}'); INSERT INTO {vars} VALUES (NULL,'gallery','identity_provider','user'); INSERT INTO {vars} VALUES (NULL,'user','minimum_password_length','5'); diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 7f10cdee..051a66cf 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -315,6 +315,7 @@ class gallery_installer { module::set_var("gallery", "timezone", null); module::set_var("gallery", "lock_timeout", 1); module::set_var("gallery", "movie_extract_frame_time", 3); + module::set_var("gallery", "movie_allow_uploads", "autodetect"); } static function upgrade($version) { @@ -789,6 +790,13 @@ class gallery_installer { module::set_version("gallery", $version = 55); } + if ($version == 55) { + // In v56, we added the ability to change the default behavior regarding movie uploads. It + // can be set to "always", "never", or "autodetect" to match the previous behavior where they + // are allowed only if FFmpeg is found. + module::set_var("gallery", "movie_allow_uploads", "autodetect"); + module::set_version("gallery", $version = 56); + } } static function uninstall() { diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php index ef588ceb..debd1e6d 100644 --- a/modules/gallery/helpers/legal_file.php +++ b/modules/gallery/helpers/legal_file.php @@ -98,7 +98,7 @@ class legal_file_Core { */ static function get_types_by_extension($extension=null) { $types_by_extension = legal_file::get_photo_types_by_extension(); - if (movie::find_ffmpeg()) { + if (movie::allow_uploads()) { $types_by_extension = array_merge($types_by_extension, legal_file::get_movie_types_by_extension()); } @@ -165,7 +165,7 @@ class legal_file_Core { */ static function get_extensions($extension=null) { $extensions = legal_file::get_photo_extensions(); - if (movie::find_ffmpeg()) { + if (movie::allow_uploads()) { $extensions = array_merge($extensions, legal_file::get_movie_extensions()); } if ($extension) { diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index d4b907a2..eda478c7 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -24,6 +24,8 @@ * Note: by design, this class does not do any permission checking. */ class movie_Core { + private static $allow_uploads; + static function get_edit_form($movie) { $form = new Forge("movies/update/$movie->id", "", "post", array("id" => "g-edit-movie-form")); $form->hidden("from_id")->value($movie->id); @@ -109,6 +111,29 @@ class movie_Core { } } + /** + * Return true if movie uploads are allowed, false if not. This is based on the + * "movie_allow_uploads" Gallery variable as well as whether or not ffmpeg is found. + */ + static function allow_uploads() { + if (empty(self::$allow_uploads)) { + // Refresh ffmpeg settings + $ffmpeg = movie::find_ffmpeg(); + switch (module::get_var("gallery", "movie_allow_uploads", "autodetect")) { + case "always": + self::$allow_uploads = true; + break; + case "never": + self::$allow_uploads = false; + break; + default: + self::$allow_uploads = !empty($ffmpeg); + break; + } + } + return self::$allow_uploads; + } + /** * Return the path to the ffmpeg binary if one exists and is executable, or null. */ diff --git a/modules/gallery/libraries/Form_Uploadify.php b/modules/gallery/libraries/Form_Uploadify.php index 56793c69..1e58018d 100644 --- a/modules/gallery/libraries/Form_Uploadify.php +++ b/modules/gallery/libraries/Form_Uploadify.php @@ -46,7 +46,7 @@ class Form_Uploadify_Core extends Form_Input { $v->album = $this->data["album"]; $v->script_data = $this->data["script_data"]; $v->simultaneous_upload_limit = module::get_var("gallery", "simultaneous_upload_limit"); - $v->movies_allowed = (bool) movie::find_ffmpeg(); + $v->movies_allowed = movie::allow_uploads(); $v->extensions = legal_file::get_filters(); $v->suhosin_session_encrypt = (bool) ini_get("suhosin.session.encrypt"); diff --git a/modules/gallery/module.info b/modules/gallery/module.info index d79a5077..2383ec3c 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,6 +1,6 @@ name = "Gallery 3" description = "Gallery core application" -version = 55 +version = 56 author_name = "Gallery Team" author_url = "http://codex.galleryproject.org/Gallery:Team" info_url = "http://codex.galleryproject.org/Gallery3:Modules:gallery" -- cgit v1.2.3 From d04a6fc87d96b70ab0f70414f2ff40d1f1e7f482 Mon Sep 17 00:00:00 2001 From: shadlaws Date: Tue, 12 Feb 2013 00:37:33 +0100 Subject: #2001 - Make filename sanitizing more consistent. - legal_file - added sanitize_filname() to sanitize photo/movie filenames. - admin_watermarks - revised add() to use new function. - item model - added _process_data_file_info() to validate the data file, get its metadata, and sanitize the item name. - item model - revised save() for new items to use _process_data_file_info *before* the slug is checked. - item model - revised save() for updated items to use _process_data_file_info. - item model - revised save() for updated items to sanitize name if changed. - uploader - removed call to smash_extensions (item model does this when it calls sanitize_filename). - Legal_File_Helper_Test - added unit tests for sanitize_filename. - Item_Model_Test - revised existing unit tests based on changes. - Item_Model_Test - added new unit tests for names with legal but incorrect extensions. - Averted take over by HAL with fix #2001... --- modules/gallery/controllers/uploader.php | 4 - modules/gallery/helpers/legal_file.php | 57 ++++++++++++ modules/gallery/models/item.php | 95 ++++++++++--------- modules/gallery/tests/Item_Model_Test.php | 101 ++++++++++----------- modules/gallery/tests/Legal_File_Helper_Test.php | 44 +++++++++ modules/watermark/controllers/admin_watermarks.php | 9 +- 6 files changed, 202 insertions(+), 108 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/uploader.php b/modules/gallery/controllers/uploader.php index 55c65c95..78437071 100644 --- a/modules/gallery/controllers/uploader.php +++ b/modules/gallery/controllers/uploader.php @@ -63,10 +63,6 @@ class Uploader_Controller extends Controller { $item->parent_id = $album->id; $item->set_data_file($temp_filename); - // Remove double extensions from the filename - they'll be disallowed in the model but if - // we don't do it here then it'll result in a failed upload. - $item->name = legal_file::smash_extensions($item->name); - $path_info = @pathinfo($temp_filename); if (array_key_exists("extension", $path_info) && legal_file::get_movie_extensions($path_info["extension"])) { diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php index ef588ceb..5a852f2b 100644 --- a/modules/gallery/helpers/legal_file.php +++ b/modules/gallery/helpers/legal_file.php @@ -250,4 +250,61 @@ class legal_file_Core { $result .= isset($parts["extension"]) ? "{$parts['filename']}.{$parts['extension']}" : $parts["filename"]; return $result; } + + /** + * Sanitize a filename for a given type (given as "photo" or "movie") and a target file format + * (given as an extension). This returns a completely legal and valid filename, + * or throws an exception if the type or extension given is invalid or illegal. It tries to + * maintain the filename's original extension even if it's not identical to the given extension + * (e.g. don't change "JPG" or "jpeg" to "jpg"). + * + * Note: it is not okay if the extension given is legal but does not match the type (e.g. if + * extension is "mp4" and type is "photo", it will throw an exception) + * + * @param string $filename (with no directory) + * @param string $extension (can be uppercase or lowercase) + * @param string $type (as "photo" or "movie") + * @return string sanitized filename (or null if bad extension argument) + */ + static function sanitize_filename($filename, $extension, $type) { + // Check if the type is valid - if so, get the mime types of the + // original and target extensions; if not, throw an exception. + $original_extension = pathinfo($filename, PATHINFO_EXTENSION); + switch ($type) { + case "photo": + $mime_type = legal_file::get_photo_types_by_extension($extension); + $original_mime_type = legal_file::get_photo_types_by_extension($original_extension); + break; + case "movie": + $mime_type = legal_file::get_movie_types_by_extension($extension); + $original_mime_type = legal_file::get_movie_types_by_extension($original_extension); + break; + default: + throw new Exception("@todo INVALID_TYPE"); + } + + // Check if the target extension is blank or invalid - if so, throw an exception. + if (!$extension || !$mime_type) { + throw new Exception("@todo ILLEGAL_EXTENSION"); + } + + // Check if the mime types of the original and target extensions match - if not, fix it. + if (!$original_extension || ($mime_type != $original_mime_type)) { + $filename = legal_file::change_extension($filename, $extension); + } + + // It should be a filename without a directory - remove all slashes (and backslashes). + $filename = str_replace("/", "_", $filename); + $filename = str_replace("\\", "_", $filename); + + // Remove extra dots from the filename. This will also remove extraneous underscores. + $filename = legal_file::smash_extensions($filename); + + // It's possible that the filename has no base (e.g. ".jpg") - if so, give it a generic one. + if (empty($filename) || (substr($filename, 0, 1) == ".")) { + $filename = $type . $filename; // e.g. "photo.jpg" or "movie.mp4" + } + + return $filename; + } } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 33b8a89d..43b9a292 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -365,6 +365,14 @@ class Item_Model_Core extends ORM_MPTT { $this->weight = item::get_max_weight(); } + // Process the data file info. + if (isset($this->data_file)) { + $this->_process_data_file_info(); + } else if (!$this->is_album()) { + // Unless it's an album, new items must have a data file. + $this->data_file_error = true; + } + // Make an url friendly slug from the name, if necessary if (empty($this->slug)) { $this->slug = item::convert_filename_to_slug(pathinfo($this->name, PATHINFO_FILENAME)); @@ -377,31 +385,6 @@ class Item_Model_Core extends ORM_MPTT { } } - // Get the width, height and mime type from our data file for photos and movies. - if ($this->is_photo() || $this->is_movie()) { - try { - if ($this->is_photo()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - photo::get_file_metadata($this->data_file); - } else if ($this->is_movie()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - movie::get_file_metadata($this->data_file); - } - - // Force an extension onto the name if necessary - $pi = pathinfo($this->data_file); - if (empty($pi["extension"])) { - $this->name = "{$this->name}.$extension"; - } - - // Data file valid - make sure the flag is reset to false. - $this->data_file_error = false; - } catch (Exception $e) { - // Data file invalid - set the flag so it's reported during item validation. - $this->data_file_error = true; - } - } - $this->_check_and_fix_conflicts(); parent::save(); @@ -439,31 +422,19 @@ class Item_Model_Core extends ORM_MPTT { // keep it around. $original = ORM::factory("item", $this->id); - // Preserve the extension of the data file. Many helpers, (e.g. ImageMagick), assume + // If we have a new data file, process its info. This will get its metadata and + // preserve the extension of the data file. Many helpers, (e.g. ImageMagick), assume // the MIME type from the extension. So when we adopt the new data file, it's important // to adopt the new extension. That ensures that the item's extension is always // appropriate for its data. We don't try to preserve the name of the data file, though, // because the name is typically a temporary randomly-generated name. if (isset($this->data_file)) { - try { - $extension = pathinfo($this->data_file, PATHINFO_EXTENSION); - $new_name = pathinfo($this->name, PATHINFO_FILENAME) . ".$extension"; - if (!empty($extension) && strcmp($this->name, $new_name)) { - $this->name = $new_name; - } - if ($this->is_photo()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - photo::get_file_metadata($this->data_file); - } else if ($this->is_movie()) { - list ($this->width, $this->height, $this->mime_type, $extension) = - movie::get_file_metadata($this->data_file); - } - // Data file valid - make sure the flag is reset to false. - $this->data_file_error = false; - } catch (Exception $e) { - // Data file invalid - set the flag so it's reported during item validation. - $this->data_file_error = true; - } + $this->_process_data_file_info(); + } else if (!$this->is_album() && array_key_exists("name", $this->changed)) { + // There's no new data file, but the name changed. If it's a photo or movie, + // make sure the new name still agrees with the file type. + $this->name = legal_file::sanitize_filename($this->name, + pathinfo($original->name, PATHINFO_EXTENSION), $this->type); } // If an album's cover has changed (or been removed), delete any existing album cover, @@ -624,6 +595,40 @@ class Item_Model_Core extends ORM_MPTT { } } + /** + * Process the data file info. Get its metadata and extension. + * If valid, use it to sanitize the item name and update the + * width, height, and mime type. + */ + private function _process_data_file_info() { + try { + if ($this->is_photo()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + photo::get_file_metadata($this->data_file); + } else if ($this->is_movie()) { + list ($this->width, $this->height, $this->mime_type, $extension) = + movie::get_file_metadata($this->data_file); + } else { + // Albums don't have data files. + $this->data_file = null; + return; + } + + // Sanitize the name based on the idenified extension, but only set $this->name if different + // to ensure it isn't unnecessarily marked as "changed" + $name = legal_file::sanitize_filename($this->name, $extension, $this->type); + if ($this->name != $name) { + $this->name = $name; + } + + // Data file valid - make sure the flag is reset to false. + $this->data_file_error = false; + } catch (Exception $e) { + // Data file invalid - set the flag so it's reported during item validation. + $this->data_file_error = true; + } + } + /** * Return the Item_Model representing the cover for this album. * @return Item_Model or null if there's no cover diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index a93498dd..fcb5c2ad 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -126,14 +126,9 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { public function item_rename_wont_accept_slash_test() { $item = test::random_photo(); - try { - $item->name = test::random_name() . "/"; - $item->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_equal(array("name" => "no_slashes"), $e->validation->errors()); - return; - } - $this->assert_true(false, "Shouldn't get here"); + $item->name = "/no_slashes/allowed/"; + $item->save(); + $this->assert_equal("no_slashes_allowed.jpg", $item->name); } public function move_album_test() { @@ -328,30 +323,17 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { } public function photo_files_must_have_an_extension_test() { - try { - $photo = test::random_photo_unsaved(); - $photo->mime_type = "image/jpeg"; - $photo->name = "no_extension"; - $photo->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); - return; // pass - } - $this->assert_true(false, "Shouldn't get here"); + $photo = test::random_photo_unsaved(); + $photo->name = "no_extension_photo"; + $photo->save(); + $this->assert_equal("no_extension_photo.jpg", $photo->name); } public function movie_files_must_have_an_extension_test() { - try { - $movie = test::random_movie_unsaved(); - $movie->type = "movie"; - $movie->mime_type = "video/x-flv"; - $movie->name = "no_extension"; - $movie->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); - return; // pass - } - $this->assert_true(false, "Shouldn't get here"); + $movie = test::random_movie_unsaved(); + $movie->name = "no_extension_movie"; + $movie->save(); + $this->assert_equal("no_extension_movie.flv", $movie->name); } public function cant_delete_root_album_test() { @@ -445,7 +427,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo->set_data_file(MODPATH . "gallery/tests/Item_Model_Test.php"); $photo->save(); } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); + $this->assert_same(array("name" => "invalid_data_file"), $e->validation->errors()); return; // pass } $this->assert_true(false, "Shouldn't get here"); @@ -462,6 +444,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_same(array("name" => "invalid_data_file"), $e->validation->errors()); return; // pass } + $this->assert_true(false, "Shouldn't get here"); } public function urls_test() { @@ -493,43 +476,55 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $album->thumb_url() . " is malformed"); } - public function legal_extension_test() { - foreach (array("test.gif", "test.GIF", "test.Gif", "test.jpeg", "test.JPG") as $name) { + public function legal_extension_that_does_match_gets_used_test() { + foreach (array("jpg", "JPG", "Jpg", "jpeg") as $extension) { $photo = test::random_photo_unsaved(item::root()); - $photo->name = $name; + $photo->name = test::random_name() . ".{$extension}"; $photo->save(); + // Should get renamed with the correct jpg extension of the data file. + $this->assert_equal($extension, pathinfo($photo->name, PATHINFO_EXTENSION)); } } public function illegal_extension_test() { foreach (array("test.php", "test.PHP", "test.php5", "test.php4", "test.pl", "test.php.png") as $name) { - try { - $photo = test::random_photo_unsaved(item::root()); - $photo->name = $name; - $photo->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_equal(array("name" => "illegal_data_file_extension"), - $e->validation->errors()); - continue; - } - $this->assert_true(false, "Shouldn't get here"); + $photo = test::random_photo_unsaved(item::root()); + $photo->name = $name; + $photo->save(); + // Should get renamed with the correct jpg extension of the data file. + $this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION)); } } public function cant_rename_to_illegal_extension_test() { foreach (array("test.php.test", "test.php", "test.PHP", "test.php5", "test.php4", "test.pl") as $name) { - try { - $photo = test::random_photo(item::root()); - $photo->name = $name; - $photo->save(); - } catch (ORM_Validation_Exception $e) { - $this->assert_equal(array("name" => "illegal_data_file_extension"), - $e->validation->errors()); - continue; - } - $this->assert_true(false, "Shouldn't get here"); + $photo = test::random_photo(item::root()); + $photo->name = $name; + $photo->save(); + // Should get renamed with the correct jpg extension of the data file. + $this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION)); + } + } + + public function legal_extension_that_doesnt_match_gets_fixed_test() { + foreach (array("test.png", "test.mp4", "test.GIF") as $name) { + $photo = test::random_photo_unsaved(item::root()); + $photo->name = $name; + $photo->save(); + // Should get renamed with the correct jpg extension of the data file. + $this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION)); + } + } + + public function rename_to_legal_extension_that_doesnt_match_gets_fixed_test() { + foreach (array("test.png", "test.mp4", "test.GIF") as $name) { + $photo = test::random_photo(item::root()); + $photo->name = $name; + $photo->save(); + // Should get renamed with the correct jpg extension of the data file. + $this->assert_equal("jpg", pathinfo($photo->name, PATHINFO_EXTENSION)); } } diff --git a/modules/gallery/tests/Legal_File_Helper_Test.php b/modules/gallery/tests/Legal_File_Helper_Test.php index 203d5616..7ed5214b 100644 --- a/modules/gallery/tests/Legal_File_Helper_Test.php +++ b/modules/gallery/tests/Legal_File_Helper_Test.php @@ -150,4 +150,48 @@ class Legal_File_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal("", legal_file::smash_extensions("")); $this->assert_equal(null, legal_file::smash_extensions(null)); } + + public function sanitize_filename_with_no_rename_test() { + $this->assert_equal("foo.jpeg", legal_file::sanitize_filename("foo.jpeg", "jpg", "photo")); + $this->assert_equal("foo.jpg", legal_file::sanitize_filename("foo.jpg", "jpeg", "photo")); + $this->assert_equal("foo.MP4", legal_file::sanitize_filename("foo.MP4", "mp4", "movie")); + $this->assert_equal("foo.mp4", legal_file::sanitize_filename("foo.mp4", "MP4", "movie")); + } + + public function sanitize_filename_with_corrected_extension_test() { + $this->assert_equal("foo.jpg", legal_file::sanitize_filename("foo.png", "jpg", "photo")); + $this->assert_equal("foo.MP4", legal_file::sanitize_filename("foo.jpg", "MP4", "movie")); + $this->assert_equal("foo.jpg", legal_file::sanitize_filename("foo.php", "jpg", "photo")); + } + + public function sanitize_filename_with_non_standard_chars_and_dots_test() { + $this->assert_equal("foo.jpg", legal_file::sanitize_filename("foo", "jpg", "photo")); + $this->assert_equal("foo.mp4", legal_file::sanitize_filename("foo.", "mp4", "movie")); + $this->assert_equal("foo.jpeg", legal_file::sanitize_filename(".foo.jpeg", "jpg", "photo")); + $this->assert_equal("foo_2013_02_10.jpeg", + legal_file::sanitize_filename("foo.2013/02/10.jpeg", "jpg", "photo")); + $this->assert_equal("foo_bar_baz.jpg", + legal_file::sanitize_filename("...foo...bar..baz...png", "jpg", "photo")); + $this->assert_equal("j'écris@un#nom_bizarre(mais quand_même_ça_passe.jpg", + legal_file::sanitize_filename("/j'écris@un#nom/bizarre(mais quand.même/ça_passe.\$ÇÀ@€#_", "jpg", "photo")); + } + + public function sanitize_filename_with_no_base_name_test() { + $this->assert_equal("photo.jpg", legal_file::sanitize_filename(".png", "jpg", "photo")); + $this->assert_equal("movie.mp4", legal_file::sanitize_filename("__..__", "mp4", "movie")); + $this->assert_equal("photo.jpg", legal_file::sanitize_filename(".", "jpg", "photo")); + $this->assert_equal("movie.mp4", legal_file::sanitize_filename(null, "mp4", "movie")); + } + + public function sanitize_filename_with_invalid_arguments_test() { + foreach (array("flv" => "photo", "jpg" => "movie", "php" => "photo", + null => "movie", "jpg" => "album", "jpg" => null) as $extension => $type) { + try { + legal_file::sanitize_filename("foo.jpg", $extension, $type); + $this->assert_true(false, "Shouldn't get here"); + } catch (Exception $e) { + // pass + } + } + } } \ No newline at end of file diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index 59bb7fa9..b058d6a5 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php @@ -97,18 +97,15 @@ class Admin_Watermarks_Controller extends Admin_Controller { // validation logic will correctly reject it. So, we skip validation when we're running tests. if (TEST_MODE || $form->validate()) { $file = $_POST["file"]; - $pathinfo = pathinfo($file); // Forge prefixes files with "uploadfile-xxxxxxx" for uniqueness - $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', $pathinfo["basename"]); - $name = legal_file::smash_extensions($name); + $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', basename($file)); try { list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file); - // Force correct, legal extension type on file, which will be of our canonical type - // (i.e. all lowercase, jpg instead of jpeg, etc.). This renaming prevents the issues + // Sanitize filename, which ensures a valid extension. This renaming prevents the issues // addressed in ticket #1855, where an image that looked valid (header said jpg) with a // php extension was previously accepted without changing its extension. - $name = legal_file::change_extension($name, $extension); + $name = legal_file::sanitize_filename($name, $extension, "photo"); } catch (Exception $e) { message::error(t("Invalid or unidentifiable image file")); @unlink($file); -- cgit v1.2.3 From d3ca2617f21be55509a30b02babec156f0bac539 Mon Sep 17 00:00:00 2001 From: Mike Miller Date: Wed, 13 Feb 2013 23:11:32 +0200 Subject: Replace = with == This was my mistake; I didn't test it thoroughly. It results in all g2 mappings being broken! --- modules/g2_import/controllers/g2.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/g2_import/controllers/g2.php b/modules/g2_import/controllers/g2.php index ba8ae7fa..abbf87a0 100644 --- a/modules/g2_import/controllers/g2.php +++ b/modules/g2_import/controllers/g2.php @@ -37,7 +37,7 @@ class G2_Controller extends Controller { // Tags did not have mappings created, so we need to catch them first. However, if a g2_itemId was // passed, we'll want to show lookup the mapping anyway - if (($path && 0 === strpos($path, "tag/")) || $view = "tags.VirtualAlbum") { + if (($path && 0 === strpos($path, "tag/")) || $view == "tags.VirtualAlbum") { if (0 === strpos($path, "tag/")) { $tag_name = substr($path, 4); } -- cgit v1.2.3 From 72a6a8abafb90321ecd4e2101eac03f86c7c07dd Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 14 Feb 2013 14:40:34 -0500 Subject: Follow-on to 9dbe2e15ad9db3b2be53e46bc5f67d382fb4089d for #1999. Fix an issue where siblings() by itself throws an error. The problem is that Theme_View::siblings() passes a null offset and limit to the callback which gets passed down to search::search_within_album, which creates its query in raw SQL and doesn't check for a null offset/limit. We want a reasonable limit on the size of the set here (and 1000 is probably wayyy too high so lower that to 100) so amend get_siblings to stop using default parameters and actually check the inputs. Author: Bharat Mediratta Date: Sat Feb 9 14:53:34 2013 -0500 Extend siblings callbacks to take a $limit and an $offset for navigating large sibling sets. Useful for the thumbnav module since we don't want to iterate a thousand siblings to find the one we care about. Fixes #1999. --- modules/search/controllers/search.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/search/controllers/search.php b/modules/search/controllers/search.php index 25ccd81c..753d9b69 100644 --- a/modules/search/controllers/search.php +++ b/modules/search/controllers/search.php @@ -110,7 +110,13 @@ class Search_Controller extends Controller { Breadcrumb::instance($item->title, $item->url())->set_last())); } - static function get_siblings($q, $album, $limit=1000, $offset=1) { + static function get_siblings($q, $album, $limit, $offset) { + if (!isset($limit)) { + $limit = 100; + } + if (!isset($offset)) { + $offset = 1; + } $result = search::search_within_album(search::add_query_terms($q), $album, $limit, $offset); return $result[1]; } -- cgit v1.2.3 From f212f6a794c4aff96446b99e4824a9e2c8cfb259 Mon Sep 17 00:00:00 2001 From: shadlaws Date: Thu, 14 Feb 2013 23:42:20 +0100 Subject: #2003 - Add admin/movies screen. Added admin/movies screen analogous to the admin/graphics screen so the user can: - see how FFmpeg is configured (path and version, similar to toolkits in admin/graphics) - get some instructions on how to install FFmpeg if not found - change the movie_allow_uploads setting - ask Gallery to rebuild their movie thumbs Specifics: - admin_movies, admin_movies.html (new) - new Movies admin screen - ffmpeg.png (new) - logo for admin screen - movie::get_ffmpeg_version (new) - return version number and date of FFmpeg - form_uploadify.html - change admin message if movie uploads are disabled - gallery_event::admin_menu - added Movies link to Settings - xss_data.txt - updated golden file for unit tests --- modules/gallery/controllers/admin_movies.php | 72 ++++++++++++++++++++++++++ modules/gallery/helpers/gallery_event.php | 4 ++ modules/gallery/helpers/movie.php | 28 ++++++++++ modules/gallery/images/ffmpeg.png | Bin 0 -> 2888 bytes modules/gallery/tests/xss_data.txt | 1 + modules/gallery/views/admin_movies.html.php | 44 ++++++++++++++++ modules/gallery/views/form_uploadify.html.php | 2 +- 7 files changed, 150 insertions(+), 1 deletion(-) create mode 100644 modules/gallery/controllers/admin_movies.php create mode 100644 modules/gallery/images/ffmpeg.png create mode 100644 modules/gallery/views/admin_movies.html.php (limited to 'modules') diff --git a/modules/gallery/controllers/admin_movies.php b/modules/gallery/controllers/admin_movies.php new file mode 100644 index 00000000..38fa44a5 --- /dev/null +++ b/modules/gallery/controllers/admin_movies.php @@ -0,0 +1,72 @@ +_get_admin_form(); + $this->_print_view($form); + } + + public function save() { + access::verify_csrf(); + $form = $this->_get_admin_form(); + if ($form->validate()) { + module::set_var("gallery", "movie_allow_uploads", $form->settings->allow_uploads->value); + if ($form->settings->rebuild_thumbs->value) { + graphics::mark_dirty(true, false, "movie"); + } + // All done - redirect with message. + message::success(t("Movies settings updated successfully")); + url::redirect("admin/movies"); + } + // Something went wrong - print view from existing form. + $this->_print_view($form); + } + + private function _print_view($form) { + list ($ffmpeg_version, $ffmpeg_date) = movie::get_ffmpeg_version(); + $ffmpeg_version = $ffmpeg_date ? "{$ffmpeg_version} ({$ffmpeg_date})" : $ffmpeg_version; + $ffmpeg_path = movie::find_ffmpeg(); + $ffmpeg_dir = substr($ffmpeg_path, 0, strrpos($ffmpeg_path, "/")); + + $view = new Admin_View("admin.html"); + $view->page_title = t("Movies settings"); + $view->content = new View("admin_movies.html"); + $view->content->form = $form; + $view->content->ffmpeg_dir = $ffmpeg_dir; + $view->content->ffmpeg_version = $ffmpeg_version; + print $view; + } + + private function _get_admin_form() { + $form = new Forge("admin/movies/save", "", "post", array("id" => "g-movies-admin-form")); + $group = $form->group("settings")->label(t("Settings")); + $group->dropdown("allow_uploads") + ->label(t("Allow movie uploads into Gallery (does not affect existing movies)")) + ->options(array("autodetect"=>t("only if FFmpeg is detected (default)"), + "always"=>t("always"), "never"=>t("never"))) + ->selected(module::get_var("gallery", "movie_allow_uploads", "autodetect")); + $group->checkbox("rebuild_thumbs") + ->label(t("Rebuild all movie thumbnails (once FFmpeg is installed, use this to update existing movie thumbnails)")) + ->checked(false); // always set as false + $form->submit("save")->value(t("Save")); + return $form; + } +} diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index aeb1c7eb..54c60296 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -398,6 +398,10 @@ class gallery_event_Core { ->id("graphics_toolkits") ->label(t("Graphics")) ->url(url::site("admin/graphics"))) + ->append(Menu::factory("link") + ->id("movies_settings") + ->label(t("Movies")) + ->url(url::site("admin/movies"))) ->append(Menu::factory("link") ->id("languages") ->label(t("Languages")) diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index 863e1cf9..aff2acc1 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -146,6 +146,34 @@ class movie_Core { return $ffmpeg_path; } + /** + * Return version number and build date of ffmpeg if found, empty string(s) if not. When using + * static builds that aren't official releases, the version numbers are strange, hence why the + * date can be useful. + */ + static function get_ffmpeg_version() { + $ffmpeg = movie::find_ffmpeg(); + if (empty($ffmpeg)) { + return array("", ""); + } + + // Find version using -h argument since -version wasn't available in early versions. + // To keep the preg_match searches quick, we'll trim the (otherwise long) result. + $cmd = escapeshellcmd($ffmpeg) . " -h 2>&1"; + $result = substr(`$cmd`, 0, 1000); + if (preg_match("/ffmpeg version (\S+)/i", $result, $matches_version)) { + // Version number found - see if we can get the build date or copyright year as well. + if (preg_match("/built on (\S+\s\S+\s\S+)/i", $result, $matches_build_date)) { + return array(trim($matches_version[1], ","), trim($matches_build_date[1], ",")); + } else if (preg_match("/copyright \S*\s?2000-(\d{4})/i", $result, $matches_copyright_date)) { + return array(trim($matches_version[1], ","), $matches_copyright_date[1]); + } else { + return array(trim($matches_version[1], ","), ""); + } + } + return array("", ""); + } + /** * Return the width, height, mime_type, extension and duration of the given movie file. * Metadata is first generated using ffmpeg (or set to defaults if it fails), diff --git a/modules/gallery/images/ffmpeg.png b/modules/gallery/images/ffmpeg.png new file mode 100644 index 00000000..6be8b62a Binary files /dev/null and b/modules/gallery/images/ffmpeg.png differ diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 51347f86..67a8b948 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -111,6 +111,7 @@ modules/gallery/views/admin_modules_confirm.html.php 11 DIRTY_ATTR $css modules/gallery/views/admin_modules_confirm.html.php 11 DIRTY $message modules/gallery/views/admin_modules_confirm.html.php 16 DIRTY access::csrf_form_field() modules/gallery/views/admin_modules_confirm.html.php 18 DIRTY form::hidden($module,1) +modules/gallery/views/admin_movies.html.php 43 DIRTY $form modules/gallery/views/admin_sidebar.html.php 50 DIRTY $available modules/gallery/views/admin_sidebar.html.php 58 DIRTY $active modules/gallery/views/admin_sidebar_blocks.html.php 4 DIRTY_ATTR $ref diff --git a/modules/gallery/views/admin_movies.html.php b/modules/gallery/views/admin_movies.html.php new file mode 100644 index 00000000..e7810711 --- /dev/null +++ b/modules/gallery/views/admin_movies.html.php @@ -0,0 +1,44 @@ + +
+

+

+ + +

+

+ + static build of FFmpeg from one of the links here.", array("url" => "http://ffmpeg.org/download.html")) ?> + +

+

+ +

+

+ We can help!", + array("url" => "http://codex.galleryproject.org/Gallery3:FAQ#Why_does_it_say_I.27m_missing_ffmpeg.3F")) ?> +

+ +
+

+
+ " alt="" /> +

+
+ FFmpeg website for more information.", array("url" => "http://ffmpeg.org")) ?> +

+
+ + +

$ffmpeg_version, "dir" => $ffmpeg_dir)) ?>

+ +

$ffmpeg_dir)) ?>

+ + +

+ +
+
+
+ + +
diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php index 4426514a..c13e3418 100644 --- a/modules/gallery/views/form_uploadify.html.php +++ b/modules/gallery/views/form_uploadify.html.php @@ -131,7 +131,7 @@ admin && !$movies_allowed): ?>

- ffmpeg on your system. Movie uploading disabled. Help!", array("help_url" => "http://codex.galleryproject.org/Gallery3:FAQ#Why_does_it_say_I.27m_missing_ffmpeg.3F")) ?> + Help!", array("help_url" => url::site("admin/movies"))) ?>

-- cgit v1.2.3 From 264e1e82b23f622e9a79f7834cfcbfb536eac4f6 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 15 Feb 2013 12:55:16 -0500 Subject: Digibug up and vanished. Move the module to contrib for now. This will leave the module active in any existing installs that had it active, but that shouldn't cause any negative impact. Fixes #2002. --- modules/digibug/config/digibug.php | 29 ------ modules/digibug/controllers/admin_digibug.php | 27 ----- modules/digibug/controllers/digibug.php | 121 ---------------------- modules/digibug/helpers/digibug_event.php | 52 ---------- modules/digibug/helpers/digibug_installer.php | 51 --------- modules/digibug/helpers/digibug_theme.php | 24 ----- modules/digibug/images/digibug_logo.png | Bin 17296 -> 0 bytes modules/digibug/js/digibug.js | 43 -------- modules/digibug/models/digibug_proxy.php | 22 ---- modules/digibug/module.info | 7 -- modules/digibug/tests/Digibug_Controller_Test.php | 74 ------------- modules/digibug/views/admin_digibug.html.php | 20 ---- modules/digibug/views/digibug_form.html.php | 13 --- 13 files changed, 483 deletions(-) delete mode 100644 modules/digibug/config/digibug.php delete mode 100644 modules/digibug/controllers/admin_digibug.php delete mode 100644 modules/digibug/controllers/digibug.php delete mode 100644 modules/digibug/helpers/digibug_event.php delete mode 100644 modules/digibug/helpers/digibug_installer.php delete mode 100644 modules/digibug/helpers/digibug_theme.php delete mode 100644 modules/digibug/images/digibug_logo.png delete mode 100644 modules/digibug/js/digibug.js delete mode 100644 modules/digibug/models/digibug_proxy.php delete mode 100644 modules/digibug/module.info delete mode 100644 modules/digibug/tests/Digibug_Controller_Test.php delete mode 100644 modules/digibug/views/admin_digibug.html.php delete mode 100644 modules/digibug/views/digibug_form.html.php (limited to 'modules') diff --git a/modules/digibug/config/digibug.php b/modules/digibug/config/digibug.php deleted file mode 100644 index 9412ca96..00000000 --- a/modules/digibug/config/digibug.php +++ /dev/null @@ -1,29 +0,0 @@ - email address that appears as the from address - * line-length => word wrap length (PHP documentations suggest no larger tha 70 characters - * reply-to => what goes into the reply to header - */ -$config["ranges"] = array( - "Digibug1" => array("low" => "65.249.152.0", "high" => "65.249.159.255"), - "Digibug2" => array("low" => "208.122.55.0", "high" => "208.122.55.255") -); diff --git a/modules/digibug/controllers/admin_digibug.php b/modules/digibug/controllers/admin_digibug.php deleted file mode 100644 index 50f6f832..00000000 --- a/modules/digibug/controllers/admin_digibug.php +++ /dev/null @@ -1,27 +0,0 @@ -page_title = t("Digibug"); - $v->content = new View("admin_digibug.html"); - print $v; - } -} \ No newline at end of file diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php deleted file mode 100644 index 19199188..00000000 --- a/modules/digibug/controllers/digibug.php +++ /dev/null @@ -1,121 +0,0 @@ -file_url(true); - $thumb_url = $item->thumb_url(true); - } else { - $proxy = ORM::factory("digibug_proxy"); - $proxy->uuid = random::hash(); - $proxy->item_id = $item->id; - $proxy->save(); - $full_url = url::abs_site("digibug/print_proxy/full/$proxy->uuid/$item->id"); - $thumb_url = url::abs_site("digibug/print_proxy/thumb/$proxy->uuid/$item->id"); - } - - $v = new View("digibug_form.html"); - $v->order_params = array( - "digibug_api_version" => "100", - "company_id" => module::get_var("digibug", "company_id"), - "event_id" => module::get_var("digibug", "event_id"), - "cmd" => "addimg", - "partner_code" => "69", - "return_url" => url::abs_site("digibug/close_window"), - "num_images" => "1", - "image_1" => $full_url, - "thumb_1" => $thumb_url, - "image_height_1" => $item->height, - "image_width_1" => $item->width, - "thumb_height_1" => $item->thumb_height, - "thumb_width_1" => $item->thumb_width, - "title_1" => html::purify($item->title)); - - print $v; - } - - public function print_proxy($type, $uuid) { - // If its a request for the full size then make sure we are coming from an - // authorized address - if ($type == "full") { - $remote_addr = ip2long(Input::instance()->server("REMOTE_ADDR")); - if ($remote_addr === false) { - throw new Kohana_404_Exception(); - } - $config = Kohana::config("digibug"); - - $authorized = false; - foreach ($config["ranges"] as $ip_range) { - $low = ip2long($ip_range["low"]); - $high = ip2long($ip_range["high"]); - $authorized = $low !== false && $high !== false && - $low <= $remote_addr && $remote_addr <= $high; - if ($authorized) { - break; - } - } - if (!$authorized) { - throw new Kohana_404_Exception(); - } - } - - $proxy = ORM::factory("digibug_proxy")->where("uuid", "=", $uuid)->find(); - if (!$proxy->loaded() || !$proxy->item->loaded()) { - throw new Kohana_404_Exception(); - } - - $file = $type == "full" ? $proxy->item->file_path() : $proxy->item->thumb_path(); - if (!file_exists($file)) { - throw new Kohana_404_Exception(); - } - - // We don't need to save the session for this request - Session::instance()->abort_save(); - - if (!TEST_MODE) { - // Dump out the image - header("Content-Type: {$proxy->item->mime_type}"); - Kohana::close_buffers(false); - $fd = fopen($file, "rb"); - fpassthru($fd); - fclose($fd); - } - - $this->_clean_expired(); - } - - public function close_window() { - print ""; - } - - private function _clean_expired() { - db::build() - ->delete("digibug_proxies") - ->where("request_date", "<=", db::expr("(CURDATE() - INTERVAL 90 DAY)")) - ->limit(20) - ->execute(); - } -} \ No newline at end of file diff --git a/modules/digibug/helpers/digibug_event.php b/modules/digibug/helpers/digibug_event.php deleted file mode 100644 index eaebc87b..00000000 --- a/modules/digibug/helpers/digibug_event.php +++ /dev/null @@ -1,52 +0,0 @@ -get("settings_menu") - ->append(Menu::factory("link") - ->id("digibug_menu") - ->label(t("Digibug")) - ->url(url::site("admin/digibug"))); - } - - static function site_menu($menu, $theme) { - $item = $theme->item(); - if ($item && $item->type == "photo") { - $menu->get("options_menu") - ->append(Menu::factory("link") - ->id("digibug") - ->label(t("Print with Digibug")) - ->url(url::site("digibug/print_photo/$item->id?csrf=$theme->csrf")) - ->css_id("g-print-digibug-link") - ->css_class("g-print-digibug-link ui-icon-print")); - } - } - - static function context_menu($menu, $theme, $item) { - if ($item->type == "photo") { - $menu->get("options_menu") - ->append(Menu::factory("link") - ->id("digibug") - ->label(t("Print with Digibug")) - ->url(url::site("digibug/print_photo/$item->id?csrf=$theme->csrf")) - ->css_class("g-print-digibug-link ui-icon-print")); - } - } -} diff --git a/modules/digibug/helpers/digibug_installer.php b/modules/digibug/helpers/digibug_installer.php deleted file mode 100644 index be88b5ec..00000000 --- a/modules/digibug/helpers/digibug_installer.php +++ /dev/null @@ -1,51 +0,0 @@ -query("CREATE TABLE {digibug_proxies} ( - `id` int(9) NOT NULL AUTO_INCREMENT, - `uuid` char(32) NOT NULL, - `request_date` TIMESTAMP NOT NULL DEFAULT current_timestamp, - `item_id` int(9) NOT NULL, - PRIMARY KEY (`id`)) - DEFAULT CHARSET=utf8;"); - - module::set_var("digibug", "company_id", "3153"); - module::set_var("digibug", "event_id", "8491"); - } - - static function upgrade($version) { - if ($version == 1) { - module::clear_var("digibug", "default_company_id"); - module::clear_var("digibug", "default_event_id"); - module::clear_var("digibug", "basic_default_company_id"); - module::clear_var("digibug", "basic_event_id"); - module::set_var("digibug", "company_id", "3153"); - module::set_var("digibug", "event_id", "8491"); - module::set_version("digibug", $version = 2); - } - } - - static function uninstall() { - Database::instance()->query("DROP TABLE IF EXISTS {digibug_proxies}"); - module::delete("digibug"); - } -} diff --git a/modules/digibug/helpers/digibug_theme.php b/modules/digibug/helpers/digibug_theme.php deleted file mode 100644 index e3795c3b..00000000 --- a/modules/digibug/helpers/digibug_theme.php +++ /dev/null @@ -1,24 +0,0 @@ -script("digibug.js"); - } -} diff --git a/modules/digibug/images/digibug_logo.png b/modules/digibug/images/digibug_logo.png deleted file mode 100644 index 5eac2c7d..00000000 Binary files a/modules/digibug/images/digibug_logo.png and /dev/null differ diff --git a/modules/digibug/js/digibug.js b/modules/digibug/js/digibug.js deleted file mode 100644 index 46ddac52..00000000 --- a/modules/digibug/js/digibug.js +++ /dev/null @@ -1,43 +0,0 @@ -$(document).ready(function() { - $(".g-print-digibug-link").click(function(e) { - e.preventDefault(); - return digibug_popup(e.currentTarget.href, { width: 800, height: 600 } ); - }); -}); - -function digibug_popup(url, options) { - options = $.extend({ - /* default options */ - width: '800', - height: '600', - target: 'dbPopWin', - scrollbars: 'yes', - resizable: 'no', - menuBar: 'no', - addressBar: 'yes' - }, options); - - // center the window by default. - if (!options.winY) { - options.winY = screen.height / 2 - options.height / 2; - }; - if (!options.winX) { - options.winX = screen.width / 2 - options.width / 2; - }; - - open( - url, - options['target'], - 'width= ' + options.width + - ',height=' + options.height + - ',top=' + options.winY + - ',left=' + options.winX + - ',scrollbars=' + options.scrollbars + - ',resizable=' + options.resizable + - ',menubar=' + options.menuBar + - ',location=' + options.addressBar - ); - - return false; - -} diff --git a/modules/digibug/models/digibug_proxy.php b/modules/digibug/models/digibug_proxy.php deleted file mode 100644 index 18c77d49..00000000 --- a/modules/digibug/models/digibug_proxy.php +++ /dev/null @@ -1,22 +0,0 @@ -_server = $_SERVER; - } - - public function teardown() { - $_SERVER = $this->_server; - } - - private function _get_proxy() { - $album = test::random_album(); - $photo = test::random_photo($album); - - access::deny(identity::everybody(), "view_full", $album); - access::deny(identity::registered_users(), "view_full", $album); - - $proxy = ORM::factory("digibug_proxy"); - $proxy->uuid = random::hash(); - $proxy->item_id = $photo->id; - return $proxy->save(); - } - - public function digibug_request_thumb_test() { - $proxy = $this->_get_proxy(); - - $controller = new Digibug_Controller(); - $controller->print_proxy("thumb", $proxy->uuid); - } - - public function digibug_request_full_malicious_ip_test() { - $_SERVER["REMOTE_ADDR"] = "123.123.123.123"; - try { - $controller = new Digibug_Controller(); - $controller->print_proxy("full", $this->_get_proxy()->uuid); - $this->assert_true(false, "Should have failed with an 404 exception"); - } catch (Kohana_404_Exception $e) { - // expected behavior - } - } - - public function digibug_request_full_authorized_ip_test() { - $config = Kohana::config("digibug"); - $this->assert_true(!empty($config), "The Digibug config is empty"); - - $ranges = array_values($config["ranges"]); - $low = ip2long($ranges[0]["low"]); - $high = ip2long($ranges[0]["high"]); - - $_SERVER["REMOTE_ADDR"] = long2ip(rand($low, $high)); - $controller = new Digibug_Controller(); - $controller->print_proxy("full", $this->_get_proxy()->uuid); - } -} diff --git a/modules/digibug/views/admin_digibug.html.php b/modules/digibug/views/admin_digibug.html.php deleted file mode 100644 index d673b116..00000000 --- a/modules/digibug/views/admin_digibug.html.php +++ /dev/null @@ -1,20 +0,0 @@ - -
- " alt="Digibug logo" class="g-right"/> -

-
-

- -

-
    -
  • - -
    • -
-

- register with Digibug and enter your Digibug id in the Advanced Settings page you can make money off of your photos!", - array("signup_url" => "http://www.digibug.com/signup.php", - "advanced_settings_url" => html::mark_clean(url::site("admin/advanced_settings")))) ?> -

-
-
diff --git a/modules/digibug/views/digibug_form.html.php b/modules/digibug/views/digibug_form.html.php deleted file mode 100644 index af5a88b4..00000000 --- a/modules/digibug/views/digibug_form.html.php +++ /dev/null @@ -1,13 +0,0 @@ - - - - - $value): ?> - - - - - - -- cgit v1.2.3